Thread: Trash pointers to shortstrings and array of const: one extra pitfall

  1. #1

    Array of const is a great tool to write custom formatting / string concatenation functions. You put anything in square brackets, in any quantities, your function receives what it sees as a dynamic array of variant.

    Now there's a funny pitfall with trash pointers. Usually if you use trash pointers to make values, the crash happens at the call to your function and the cause is pretty clear.

    But! If you are unlucky enough to feed your function a dereferenced trash pointer to a shortstring (can come from invalid deciphering of RTTI)... Variant uses shortstrings as a pointer to a shortstring. So the code that manages the call does not actually dereference. It uses your trash pointer as is, inserting it into a now broken variant, then passes it to your function without causing any effects.

    The crash then happens *inside* of your function when it tries parsing that broken variant and finally accesses the memory the trash pointer points to. AV.

    This is harder to find the cause of -- and if it happens that your function was in the core of your error processing mechanism... Boom! The whole system collapses, leaving you without a clue as to what had caused the crash. No backtrace, no error message (it was trying to compose it using that broken RTTI info).

    Have fun debugging

  2. #2
    What exactly are trash pointers in this case?

  3. #3
    A non-NIL pshortstring pointing to a forbidden memory region, made by incorrectly deciphering RTTI.
    I was trying to upgrade my code to proper RTTI handling of fpc 3 from 2.6.4's ugly hacks and I made a mistake.
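
One way to contain the pitfall described in post #1, as an added example that is not code from the thread: a formatter over array of const that guards each element read, so a bad `VString` pointer yields a placeholder instead of taking down the error path. `ArgToStr` and `SafeConcat` are hypothetical names, the bad pointer value is constructed, and the code assumes a target where SysUtils raises access violations as exceptions.

```pascal
program SafeArgs;
{$mode objfpc}{$H+}
uses SysUtils;

// Hypothetical helper: render one array-of-const element.
function ArgToStr(const A: TVarRec): string;
begin
  case A.VType of
    vtInteger:    Result := IntToStr(A.VInteger);
    vtChar:       Result := A.VChar;
    // VString is a PShortString; this is the first read through the pointer.
    vtString:     Result := A.VString^;
    vtAnsiString: Result := AnsiString(A.VAnsiString);
  else
    Result := '<unsupported type ' + IntToStr(A.VType) + '>';
  end;
end;

// Hypothetical formatter: a fault in one element is reported in the output
// and the remaining elements are still rendered.
function SafeConcat(const Args: array of const): string;
var
  i: Integer;
begin
  Result := '';
  for i := Low(Args) to High(Args) do
    try
      Result := Result + ArgToStr(Args[i]);
    except
      on E: Exception do
        Result := Result + Format('<bad arg #%d: %s>', [i, E.ClassName]);
    end;
end;

var
  s: ShortString;
  bad: PShortString;
begin
  s := 'RTTI name';
  WriteLn(SafeConcat(['field ', s, ' = ', 42]));

  // Constructed bad pointer standing in for a mis-decoded RTTI name.
  // Per post #1, the call site stores the pointer in the TVarRec without
  // reading through it, so the fault occurs inside ArgToStr.
  bad := PShortString(PtrUInt(8));
  WriteLn(SafeConcat(['type name: ', bad^]));
end.
```

The guard does not validate the pointer; it only keeps the message builder alive long enough to report which argument was bad, which is what points back to the faulty RTTI decoding.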

